Enable GuardDuty in AWS

To use GuardDuty, you must first enable it. Use the following procedure to enable GuardDuty.

1. The IAM identity (user, role, or group) that you use to enable GuardDuty must have the required permissions. To grant them, attach the following policy to that IAM user, group, or role:

   Note

   Replace the sample account ID (123456789123) in the example below with your actual AWS account ID.

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": [
                   "guardduty:*"
               ],
               "Resource": "*"
           },
           {
               "Effect": "Allow",
               "Action": [
                   "iam:CreateServiceLinkedRole"
               ],
               "Resource": "arn:aws:iam::123456789123:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty",
               "Condition": {
                   "StringLike": {
                       "iam:AWSServiceName": "guardduty.amazonaws.com"
                   }
               }
           },
           {
               "Effect": "Allow",
               "Action": [
                   "iam:PutRolePolicy",
                   "iam:DeleteRolePolicy"
               ],
               "Resource": "arn:aws:iam::123456789123:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty"
           }
       ]
   }

2. Use the credentials of the IAM identity from step 1 to sign in to the GuardDuty console at https://console.aws.amazon.com/guardduty. When you open the GuardDuty console for the first time, choose Get Started, and then choose Enable GuardDuty.

For more information, see the full AWS GuardDuty documentation.
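The same two steps on the AWS CLI, as an added example that is not part of the AWS documentation above: one function renders the step 1 policy with your account ID in place of the sample one (rejecting anything that is not a 12-digit account ID), and one enables GuardDuty in a region, reusing the existing detector if there already is one, then reports the detector status. It assumes the AWS CLI is configured with the identity from step 1; the account ID 111122223333, the user name and the region are placeholders.

```shell
# Added example, not from the AWS docs. Assumes the AWS CLI is configured
# with the step 1 identity; account ID, user name and region are placeholders.

# Render the step 1 policy with the caller's account ID in place of the
# sample one, refusing anything that is not a 12-digit AWS account ID.
render_guardduty_policy() {
  account_id="$1"
  case "$account_id" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "invalid AWS account ID: $account_id" >&2; return 1 ;;
  esac
  slr="arn:aws:iam::${account_id}:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": ["guardduty:*"], "Resource": "*" },
    { "Effect": "Allow", "Action": ["iam:CreateServiceLinkedRole"],
      "Resource": "${slr}",
      "Condition": { "StringLike": { "iam:AWSServiceName": "guardduty.amazonaws.com" } } },
    { "Effect": "Allow", "Action": ["iam:PutRolePolicy", "iam:DeleteRolePolicy"],
      "Resource": "${slr}" }
  ]
}
EOF
}

# Enable GuardDuty in one region (it is enabled per region): reuse the
# existing detector if there is one, since an account gets only one detector
# per region, otherwise create it enabled, then report its status.
enable_guardduty() {
  region="$1"
  detector_id=$(aws guardduty list-detectors --region "$region" \
                  --query 'DetectorIds[0]' --output text)
  if [ -z "$detector_id" ] || [ "$detector_id" = "None" ]; then
    detector_id=$(aws guardduty create-detector --enable --region "$region" \
                    --query 'DetectorId' --output text)
  fi
  # Prints ENABLED once GuardDuty is on in that region.
  aws guardduty get-detector --detector-id "$detector_id" --region "$region" \
      --query 'Status' --output text
}

# Usage: attach the rendered policy to the step 1 user, then enable.
# render_guardduty_policy 111122223333 > guardduty-enable-policy.json
# aws iam put-user-policy --user-name <IAM_USER> --policy-name GuardDutyEnable \
#     --policy-document file://guardduty-enable-policy.json
# enable_guardduty us-east-1
```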